Switch to pull non-secret values from env (#376)

sethvargo · web-flow · commit 68ca477179ff · 2023-03-24T16:43:49.000-04:00
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -18,14 +18,14 @@ jobs:
 
     - uses: 'google-github-actions/auth@main'
       with:
-        workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
-        service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
+        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
     - uses: 'google-github-actions/setup-gcloud@main'
 
     - name: Delete services
       run: |-
-        gcloud config set core/project "${{ secrets.PROJECT_ID }}"
+        gcloud config set core/project "${{ vars.PROJECT_ID }}"
         gcloud config set functions/region "us-central1"
 
         # List and delete all functions that were deployed 30 minutes ago or
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -32,8 +32,8 @@ jobs:
 
     - uses: 'google-github-actions/auth@main'
       with:
-        workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
-        service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
+        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
     - id: 'deploy'
       uses: './'
@@ -62,8 +62,8 @@ jobs:
 
     - uses: 'google-github-actions/auth@main'
       with:
-        workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
-        service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
+        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
     - id: 'deploy'
       uses: './'
@@ -73,16 +73,16 @@ jobs:
         entry_point: 'helloWorld'
         source_dir: './tests/test-node-func/'
         event_trigger_type: 'providers/cloud.pubsub/eventTypes/topic.publish'
-        event_trigger_resource: '${{ secrets.PUBSUB_TOPIC_NAME }}'
+        event_trigger_resource: '${{ vars.PUBSUB_TOPIC_NAME }}'
         event_trigger_retry: true
         env_vars_file: './tests/env-var-files/test.good.yaml'
         build_environment_variables: 'FOO=bar, ZIP=zap'
         build_environment_variables_file: './tests/env-var-files/test.good.yaml'
         secret_environment_variables: |-
-          FOO=${{ secrets.SECRET_VERSION_NAME }}
-          BAR=${{ secrets.SECRET_NAME }}
-        secret_volumes: '/etc/secrets/foo=${{ secrets.SECRET_VERSION_NAME }}'
-        service_account_email: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
+          FOO=${{ vars.SECRET_VERSION_NAME }}
+          BAR=${{ vars.SECRET_NAME }}
+        secret_volumes: '/etc/secrets/foo=${{ vars.SECRET_VERSION_NAME }}'
+        service_account_email: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
         min_instances: 2
         max_instances: 5
         timeout: 300
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
@@ -47,12 +47,12 @@ jobs:
     - uses: 'google-github-actions/auth@main'
       if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
       with:
-        workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
-        service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
+        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
     - name: 'npm test'
       env:
-        TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
-        TEST_SERVICE_ACCOUNT_EMAIL: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
-        TEST_SECRET_VERSION_NAME: '${{ secrets.SECRET_VERSION_NAME }}'
+        TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
+        TEST_SERVICE_ACCOUNT_EMAIL: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+        TEST_SECRET_VERSION_NAME: '${{ vars.SECRET_VERSION_NAME }}'
       run: 'npm run test'
